CVE-2026-1815

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation TEİAŞ Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13...

Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin , according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites...

Im Park DijiDemi 安全漏洞

Im Park DijiDemi is an educational software developed by Im Park Company in Turkey. Versions of Im Park DijiDemi from 4.5.12.1 to 4.5.13.0 had security vulnerabilities. These vulnerabilities were caused by authorization bypasses due to user control keys, which could lead to permission abuse...

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover DTO and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more...

A DarkSword hangs over unpatched iPhones

Researchers at Google have identified an iOS exploit chain, named DarkSword, that has been used since late last year by multiple actors to infect iPhones with malware in targeted attacks. DarkSword combines six vulnerabilities in iOS and Safari to deploy malware on the device. It demonstrates, on...

KNOWHY EduAsist 跨站脚本漏洞

KNOWHY EduAsist is an AI teaching assistant developed by KNOWHY Company in Turkey. Versions of KNOWHY EduAsist prior to 27022026 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, which could lead to reflective cross-site...

Vadi Corporate Information Systems DigiKent 安全漏洞

Vadi Corporate Information Systems DigiKent is an internet platform operated by Vadi Corporate Information Systems in Turkey. Vadi Corporate Information Systems DigiKent versions prior to 13092025 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of sensitive...

CVE-2025-6830 SQLi in Xpoda Türkiye Information Technology's Password Module

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection. This issue affects Password Module: through 11022026...

CVE-2025-6830

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection. This issue affects Password Module: through 11022026...

Echo Specto CM 跨站脚本漏洞

Echo Specto CM is a call center management system from Echo Turkey. A cross-site scripting vulnerability exists in versions prior to Echo Specto CM 17032025, which stems from improper input neutralization and could lead to a stored cross-site scripting attack...

Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence

Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy aka Prince of Persia, nearly five years after the hacking group was observed targeting victims in Sweden, the Netherlands, and Turkey. "The scale of Prince of Persia's activity is more significant tha...

Menulux Mobile App 安全漏洞

Menulux Mobile App is a mobile application from Menulux Turkey. A security vulnerability exists in Menulux Mobile App versions prior to 9.5.8, which stems from an authorization bypass that could lead to the exploitation of trusted identifiers...

TalentSoft e-BAP Automation 跨站脚本漏洞

TalentSoft e-BAP Automation is an enterprise management automation platform from TalentSoft Turkey. A cross-site scripting vulnerability exists in TalentSoft e-BAP Automation prior to version 42957, which stems from improper input neutralization and could lead to a reflected cross-site scripting...

TalentSoft e-BAP Automation 跨站脚本漏洞

TalentSoft e-BAP Automation is an enterprise management automation platform from TalentSoft Turkey. A cross-site scripting vulnerability exists in TalentSoft e-BAP Automation version 1.8.96 up to and including v.41815, which stems from improper input neutralization and could lead to cross-site...

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol UDP for command-and-control C2 purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from...

Argus BILGER 安全漏洞

Argus BILGER is an industrial communication and data acquisition software from the Turkish company Argus. A security vulnerability exists in Argus BILGER versions prior to 2.4.9, which stems from the insertion of sensitive information into sent data and could lead to a select message identifier...

Shopside App 安全漏洞

Shopside App is a shopping application by Shopside Turkey. A security vulnerability exists in Shopside App 05022025 and earlier versions, which stems from improper restriction of the rendering UI layer or frame, which may result in an iFrame override...

EUVD-2025-102450

Malicious code in rudeturkeyz3n npm...

Malicious code in vulnerable_turkey_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9eff421bd35fae1c763e0aa59eba98eda3ae53cfe85852d321e149877da5765 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-102724

Malicious code in radicalturkeyz3n npm...